public static X509Certificate MakeCertificate(IAsymmetricCipherKeyPair _subKP,
string _subDN, IAsymmetricCipherKeyPair _issKP, string _issDN, string algorithm, bool _ca)
{
IAsymmetricKeyParameter _subPub = _subKP.Public;
IAsymmetricKeyParameter _issPriv = _issKP.Private;
IAsymmetricKeyParameter _issPub = _issKP.Public;
X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator();
_v3CertGen.Reset();
_v3CertGen.SetSerialNumber(allocateSerialNumber());
_v3CertGen.SetIssuerDN(new X509Name(_issDN));
_v3CertGen.SetNotBefore(DateTime.UtcNow);
_v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100));
_v3CertGen.SetSubjectDN(new X509Name(_subDN));
_v3CertGen.SetPublicKey(_subPub);
_v3CertGen.SetSignatureAlgorithm(algorithm);
_v3CertGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
createSubjectKeyId(_subPub));
_v3CertGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false,
createAuthorityKeyId(_issPub));
_v3CertGen.AddExtension(X509Extensions.BasicConstraints, false,
new BasicConstraints(_ca));
X509Certificate _cert = _v3CertGen.Generate(_issPriv);
_cert.CheckValidity(DateTime.UtcNow);
_cert.Verify(_issPub);
return _cert;
}
public static X509Certificate MakeCertificate(AsymmetricCipherKeyPair _subKP,
string _subDN, AsymmetricCipherKeyPair _issKP, string _issDN, bool _ca)
{
AsymmetricKeyParameter _subPub = _subKP.Public;
AsymmetricKeyParameter _issPriv = _issKP.Private;
AsymmetricKeyParameter _issPub = _issKP.Public;
X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator();
_v3CertGen.Reset();
_v3CertGen.SetSerialNumber(allocateSerialNumber());
_v3CertGen.SetIssuerDN(new X509Name(_issDN));
_v3CertGen.SetNotBefore(DateTime.UtcNow);
_v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100));
_v3CertGen.SetSubjectDN(new X509Name(_subDN));
_v3CertGen.SetPublicKey(_subPub);
_v3CertGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
_v3CertGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
createSubjectKeyId(_subPub));
_v3CertGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false,
createAuthorityKeyId(_issPub));
if (_ca)
{
_v3CertGen.AddExtension(X509Extensions.BasicConstraints, false,
new BasicConstraints(_ca));
}
else
{
_v3CertGen.AddExtension(X509Extensions.ExtendedKeyUsage, true,
ExtendedKeyUsage.GetInstance(new DerSequence(KeyPurposeID.IdKPTimeStamping)));
}
X509Certificate _cert = _v3CertGen.Generate(_issPriv);
_cert.CheckValidity(DateTime.UtcNow);
_cert.Verify(_issPub);
return _cert;
}
public static X509Certificate MakeCertificate(
AsymmetricCipherKeyPair subKP, string _subDN,
AsymmetricCipherKeyPair issKP, string _issDN, bool _ca)
{
AsymmetricKeyParameter subPub = subKP.Public;
AsymmetricKeyParameter issPriv = issKP.Private;
AsymmetricKeyParameter issPub = issKP.Public;
X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
v3CertGen.Reset();
v3CertGen.SetSerialNumber(AllocateSerialNumber());
v3CertGen.SetIssuerDN(new X509Name(_issDN));
v3CertGen.SetNotBefore(DateTime.UtcNow);
v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100));
v3CertGen.SetSubjectDN(new X509Name(_subDN));
v3CertGen.SetPublicKey(subPub);
if (issPub is RsaKeyParameters)
{
v3CertGen.SetSignatureAlgorithm("SHA1WithRSA");
}
else if (issPub is ECPublicKeyParameters)
{
ECPublicKeyParameters ecPub = (ECPublicKeyParameters) issPub;
if (ecPub.AlgorithmName == "ECGOST3410")
{
v3CertGen.SetSignatureAlgorithm("GOST3411withECGOST3410");
}
else
{
v3CertGen.SetSignatureAlgorithm("SHA1withECDSA");
}
}
else
{
v3CertGen.SetSignatureAlgorithm("GOST3411WithGOST3410");
}
v3CertGen.AddExtension(
X509Extensions.SubjectKeyIdentifier,
false,
CreateSubjectKeyId(subPub));
v3CertGen.AddExtension(
X509Extensions.AuthorityKeyIdentifier,
false,
CreateAuthorityKeyId(issPub));
v3CertGen.AddExtension(
X509Extensions.BasicConstraints,
false,
new BasicConstraints(_ca));
X509Certificate _cert = v3CertGen.Generate(issPriv);
_cert.CheckValidity();
_cert.Verify(issPub);
return _cert;
}
